Static | ZeroBOX

PE Compile Time

2021-10-21 23:58:15

PE Imphash

badb3d94d7a44189a7eeb5528a733e61

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00005f8e 0x00006000 4.38449424108
.rdata 0x00007000 0x0002032a 0x00021000 7.73225916771
.data 0x00028000 0x0000493c 0x00003000 5.81738722716
.rsrc 0x0002d000 0x000003e8 0x00001000 1.03090820424
.reloc 0x0002e000 0x000005c4 0x00001000 2.99106437379

The .rdata section is by far the largest in the file (0x2032a bytes virtual, 0x21000 raw) and has entropy 7.73 of a possible 8.0, well beyond what read-only constants and strings produce and typical of compressed or encrypted content. Together with the very small import table below, this is what the Symantec Packed.Generic.517 and Sophos Mal/EncPk-APX verdicts are reacting to: the code worth analysing is most likely what the 0x5f8e bytes of .text unpack from .rdata at run time.

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002d060 0x00000388 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library SHELL32.dll:
0x1000702c SHGetDesktopFolder
Library USER32.dll:
0x10007034 ShowOwnedPopups
Library SETUPAPI.dll:
0x10007024 SetupDiEnumDeviceInfo
Library IPHLPAPI.DLL:
0x10007008 GetIfTable
Library ADVAPI32.dll:
0x10007000 RegOverridePredefKey
Library KERNEL32.dll:
0x10007010 GetModuleFileNameW
0x10007014 LoadLibraryExA
Library OLEAUT32.dll:
0x1000701c VarR4FromI2
Library msvcrt.dll:
0x1000703c memset

Nine imports across eight DLLs, with a single function each from SHELL32, USER32, SETUPAPI, IPHLPAPI, ADVAPI32, OLEAUT32 and msvcrt, is not the import table of a working program; it is the profile of a packer or loader stub that resolves what it really needs at run time (LoadLibraryExA is imported, and the string kernel32.Sleep appears in the file although Sleep is not imported). The thunk addresses 0x10007000 to 0x1000703c lie in .rdata at a 0x10000000 image base, the linker default for 32-bit DLLs, which matches the OriginalFilename dttl.dll in the version resource. Because the imphash above is computed from exactly this list, it identifies the stub, not the payload it unpacks.
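The two triage numbers in this report, per-section entropy and the import hash, are cheap to recompute and worth checking before relying on them. The following is an added example written for this page, not code from ZeroBOX or from the sample: it reimplements the pefile imphash algorithm and Shannon entropy with the Python standard library, takes the section table and import list from the report above, and uses constructed stand-in buffers for section contents because the sample bytes are not on the page. If the import order shown above is the sample's import directory order, imphash(IMPORTS) reproduces the imphash reported at the top of the page; a different value would mean the listing order differs from the on-disk order.

```python
"""Recompute the two triage numbers from the report above (per-section Shannon
entropy and the import hash) with the Python standard library only.  The
section table and the import list are copied from the page; the section
*contents* are constructed here, because the sample itself is not on the page.
Added example, not part of the original report."""
import hashlib
import math
import random
from collections import Counter

# Sections as reported: name, virtual address, virtual size, raw size, reported entropy.
SECTIONS = [
    (".text",  0x00001000, 0x00005f8e, 0x00006000, 4.38),
    (".rdata", 0x00007000, 0x0002032a, 0x00021000, 7.73),
    (".data",  0x00028000, 0x0000493c, 0x00003000, 5.82),
    (".rsrc",  0x0002d000, 0x000003e8, 0x00001000, 1.03),
    (".reloc", 0x0002e000, 0x000005c4, 0x00001000, 2.99),
]

# Import directory as reported, in directory order (the hash is order-sensitive).
IMPORTS = [
    ("SHELL32.dll",  ["SHGetDesktopFolder"]),
    ("USER32.dll",   ["ShowOwnedPopups"]),
    ("SETUPAPI.dll", ["SetupDiEnumDeviceInfo"]),
    ("IPHLPAPI.DLL", ["GetIfTable"]),
    ("ADVAPI32.dll", ["RegOverridePredefKey"]),
    ("KERNEL32.dll", ["GetModuleFileNameW", "LoadLibraryExA"]),
    ("OLEAUT32.dll", ["VarR4FromI2"]),
    ("msvcrt.dll",   ["memset"]),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes.
    This is the measure the Sections table reports."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def imphash(imports) -> str:
    """Import hash as pefile computes it: 'dll.func' pairs, lower-cased, with a
    .dll/.ocx/.sys extension stripped from the library name, joined by commas
    and hashed with MD5.  Ordinal-only imports (none in this sample) would
    first have to be mapped to names."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = stem
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage_sections(sections, threshold: float = 7.0):
    """Flag sections whose reported entropy is above `threshold` (compressed or
    encrypted data) or that occupy memory without backing file data (an
    unpacking target).  Returns a list of (section name, reason)."""
    findings = []
    for name, _va, vsize, rawsize, entropy in sections:
        if entropy > threshold:
            findings.append((name, f"entropy {entropy:.2f} > {threshold}: compressed or encrypted content"))
        if rawsize == 0 and vsize > 0:
            findings.append((name, "virtual size without raw data: likely unpacking target"))
    return findings


def constructed_sections() -> dict:
    """Constructed stand-ins for section contents (the real bytes are not on the page):
    a zero-filled buffer, plain ASCII text, and seeded pseudo-random bytes the size of .rdata."""
    rng = random.Random(0x2032A)
    return {
        "zeros": bytes(0x1000),
        "ascii": b"Java(TM) 2 Platform Standard Edition binary " * 64,
        "random": bytes(rng.getrandbits(8) for _ in range(0x21000)),
    }


if __name__ == "__main__":
    for label, blob in constructed_sections().items():
        print(f"{label:>7}: entropy {shannon_entropy(blob):.3f}")
    for name, reason in triage_sections(SECTIONS):
        print(f"{name}: {reason}")
    print("imphash:", imphash(IMPORTS))
```

Run stand-alone, the script flags only .rdata and prints the hash of the listed imports; swap in real section bytes read from the file (for example with pefile's `section.get_data()`) to compare against the reported entropies. The 7.0 threshold is a rule of thumb, not a standard: ordinary compiled code sits around 6, and legitimate compressed resources can also exceed it, so treat a hit as a prompt to look, not as a verdict.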

Strings

Most of the printable strings extracted from the file are bytes of the high-entropy .rdata section and base-relocation entries from .reloc (runs such as `0 0$0(0,0004080<0@0D0H0L0P0T0X0`, which are 16-bit IMAGE_BASE_RELOCATION entries of type HIGHLOW whose offsets happen to be printable) and carry no information; they are omitted here. The strings that do survive extraction are:

Section names: .rdata, .data, .reloc
The import and DLL names, identical to the Imports table above
__TEST__APP.EXE
gpoiree
ldollirefgt.dll
DDplsoecrVwqase
kernel32.Sleep
rpidebbfll.pdb

Two runs in the binary consist of English words fused together with stray characters, for example:

TWmbasicTHincludesimplerthe
multi-processusestAfterbymartin
tocouldMozillascottP
uPwn2Ownseveral2t8AXKsubmissions
xsewfourJ9theWindows
chesterLinux.43Mmain9S

They read like fragments of scraped news text and have no function in a legitimate program; natural-language filler of this kind is a common way to make a packed binary look less suspicious to string-based heuristics. Note that kernel32.Sleep appears as a string although Sleep is not in the import table, consistent with API resolution at run time, and that neither the PDB name rpidebbfll.pdb nor the DLL name ldollirefgt.dll corresponds to any recognisable component.
Version resource (VS_VERSION_INFO, StringFileInfo block 000004b0: language-neutral, Unicode code page, matching the LANG_NEUTRAL RT_VERSION resource above)

Field Value
CompanyName Sun Microsystems, Inc.
FileDescription Java(TM) 2 Platform Standard Edition binary
FileVersion 8.3.00.0
Full Version 8.3.0_00-b00
InternalName (not extracted)
LegalCopyright Copyright
OriginalFilename dttl.dll
ProductName Dttl(AA) 2 Niweaheo Nnesdsts Asbddqs 5.0 Urdate 6
ProductVersion 8.3.00.0
VarFileInfo Translation (value not extracted)

CompanyName and FileDescription are copied from Sun's Java runtime metadata, but the ProductName appears to be a letter-substituted version of "Java(TM) 2 Platform Standard Edition 5.0 Update 6" (same word lengths and punctuation), the OriginalFilename dttl.dll is not a Java component, and nothing in the import table relates to Java. The version resource has been borrowed to look legitimate and should not be used for attribution or allow-listing.
Antivirus Signature

Engine Result
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.4aa41378b7c70001
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Gen:NN.ZedlaF.34236.lu8@aaNh@Xn
Cyren Clean
Symantec Packed.Generic.517
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky VHO:Trojan-Downloader.Win32.Cridex.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@ML.82 (RDML:LTy1E/I+261Zx9TcvEVb/g)
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
CMC Clean
Sophos Mal/EncPk-APX
SentinelOne Static AI - Suspicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Drixed-FJX!4AA41378B7C7
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Clean
Avast Clean
MaxSecure Clean

Of the engines that fire, only Kaspersky (VHO:Trojan-Downloader.Win32.Cridex.gen) and McAfee (Drixed-FJX) name a family, both pointing at Cridex/Dridex; Symantec and Sophos report generic packed or encrypted-payload signatures, and Elastic, CrowdStrike, Cylance, APEX, Cynet, SentinelOne and Rising are ML or heuristic verdicts. The FireEye and McAfee detection names both embed the prefix 4aa41378b7c7, which is how those engines reference the sample's hash. With 49 of 64 engines reporting Clean at scan time, the static indicators above (high-entropy .rdata, stub-sized import table, spoofed Java version resource) are more reliable than the detection count.

No IRMA results available.